3a7302efdb5de0331c4f81d5dc42b5bc32bd4ebe0594b84110b86665e86cbdc8

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 05:20

Target

078783d6fd6b2b166f7b92dcb5d04623.dll
Size

156KB
MD5

078783d6fd6b2b166f7b92dcb5d04623
SHA1

e71e9257dd3b6f4019a8abdeedcaf803fc528f71
SHA256

3a7302efdb5de0331c4f81d5dc42b5bc32bd4ebe0594b84110b86665e86cbdc8
SHA512

13f3d7e482b4c69b54d05c2da92c73cd2032b9bd1bb454bf80c52868d11b1d04f583ff159b5dd9c4296763f463b048c117a42fdc7fd588675f36daccf6cf2fab
SSDEEP

3072:b3Sj5cB6MxknJlz78AC7OJv1UJkQtSzEz2RUf9oUD+JDqoroEbAjRYXnL:rSexk3NU6lAz2RoyJVSjRYXL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 4852	4048	rundll32.exe	88
PID 4048 wrote to memory of 4852	4048	rundll32.exe	88
PID 4048 wrote to memory of 4852	4048	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\078783d6fd6b2b166f7b92dcb5d04623.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\078783d6fd6b2b166f7b92dcb5d04623.dll,#1
  2⤵
  PID:4852

memory/4852-2-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/4852-1-0x00000000007E0000-0x00000000007EC000-memory.dmp

Filesize
48KB

Download
memory/4852-0-0x00000000007E0000-0x00000000007EC000-memory.dmp

Filesize
48KB

Download
memory/4852-6-0x00000000007E0000-0x00000000007EC000-memory.dmp

Filesize
48KB

Download
memory/4852-7-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download